security vulnerability – Experimental News Clipping Site

Slashdot: Plex Suffers Security Incident Exposing User Data and Urging Password Resets

Sep 8, 2025

—

by

Source URL: https://yro.slashdot.org/story/25/09/08/229201/plex-suffers-security-incident-exposing-user-data-and-urging-password-resets?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Plex Suffers Security Incident Exposing User Data and Urging Password Resets Feedly Summary: AI Summary and Description: Yes Summary: The report discusses a security incident involving Plex, a media server company, where unauthorized access to user accounts occurred. The incident exposes emails, usernames, and hashed passwords, prompting Plex to…

The Register: Critical, make-me-super-user SAP S/4HANA bug under active exploitation

Sep 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/05/critical_sap_s4hana_bug_exploited/ Source: The Register Title: Critical, make-me-super-user SAP S/4HANA bug under active exploitation Feedly Summary: 9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.… AI Summary and Description: Yes…

The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

Sep 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/04/unknown_miscreants_snooping_around_sitecore/ Source: The Register Title: Attackers snooping around Sitecore, dropping malware via public sample keys Feedly Summary: You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping…

Bulletins: Vulnerability Summary for the Week of August 25, 2025

Sep 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…

The Register: Researcher who found McDonald’s free-food hack turns her attention to Chinese restaurant robots

Aug 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/29/pudu_robots_hackable/ Source: The Register Title: Researcher who found McDonald’s free-food hack turns her attention to Chinese restaurant robots Feedly Summary: The admin controls were left wide open on Pudu’s robots A researcher caught the world’s leading supplier of commercial service robots using shoddy admin security that let attackers redirect the delivery machines to…

Slashdot: WhatsApp Fixes ‘Zero-Click’ Bug Used To Hack Apple Users With Spyware

Aug 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/08/29/2020202/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: WhatsApp Fixes ‘Zero-Click’ Bug Used To Hack Apple Users With Spyware Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a recently patched security bug in WhatsApp that was exploited to perform a sophisticated, zero-click attack on iOS and Mac devices. This highlights critical vulnerabilities in popular…

The Register: Enterprise password management outfit Passwordstate patches Emergency Access bug

Aug 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/29/enterprise_password_management_outfit_passwordstate/ Source: The Register Title: Enterprise password management outfit Passwordstate patches Emergency Access bug Feedly Summary: Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of…

The Register: Thousands of Citrix NetScaler boxes still sitting ducks despite patches

Aug 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/28/thousands_of_citrix_netscaler_boxes/ Source: The Register Title: Thousands of Citrix NetScaler boxes still sitting ducks despite patches Feedly Summary: Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week,…

Embrace The Red: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

Aug 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/aws-kiro-aribtrary-command-execution-with-indirect-prompt-injection/ Source: Embrace The Red Title: AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection Feedly Summary: On the day AWS Kiro was released, I couldn’t resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt…

Embrace The Red: How Prompt Injection Exposes Manus’ VS Code Server to the Internet

Aug 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/manus-ai-kill-chain-expose-port-vs-code-server-on-internet/ Source: Embrace The Red Title: How Prompt Injection Exposes Manus’ VS Code Server to the Internet Feedly Summary: Today we will cover a powerful, easy to use, autonomous agent called Manus. Manus is developed by the Chinese startup Monica, based in Singapore. This post demonstrates an end-to-end indirect prompt injection attack leading…

Tag: security vulnerability